Per the report, APT41 “targets industries in a manner generally aligned with China’s Five-Year economic development plans.” The group is said to be unique among China-based threat actors because it uses tooling typically reserved for espionage campaigns and turns it to activities motivated by personal gain.
The research disclosed that APT41 has been operating in more than 14 jurisdictions for the past seven years, with its targeted industries including healthcare, high technology (semiconductors, batteries, and electric vehicles), media, pharmaceuticals, and more. Its operations are essentially split between those that are financially motivated and those sponsored by the Chinese government.
In one instance, APT41 targeted the reservation systems of a hotel ahead of the arrival of Chinese state officials, suggesting that the group was hired by the government to perform reconnaissance on the hotel for security reasons. Its cybercrime intrusions were said to be most visible in the video game industry, with activities including virtual currency manipulation and attempts to deploy ransomware. FireEye also highlighted that APT41 had used its access to some production environments to inject malicious code into legitimate files, which were subsequently distributed to targeted organizations.
The company noted, “These supply chain compromise tactics have also been characteristic of APT41’s best known and most recent espionage campaigns.”
Report: State-Sponsored Espionage Group Moonlights as Cybercriminal Society